7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.4%
Transmit requests in Xen’s virtual network protocol can consist of multiple
parts. While not really useful, except for the initial part any of them may
be of zero length, i.e. carry no data at all. Besides a certain initial
portion of the to be transferred data, these parts are directly translated
into what Linux calls SKB fragments. Such converted request parts can, when
for a particular SKB they are all of length zero, lead to a de-reference of
NULL in core networking code.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-223.235 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-176.196 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-102.112 | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < 6.5.0-27.28 | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < 6.8.0-7.7 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1166.179 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1122.132 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1057.63 | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | < 6.5.0-1017.17 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/c7ec4f2d684e17d69bbdd7c4324db0ef5daac26a
launchpad.net/bugs/cve/CVE-2023-46838
nvd.nist.gov/vuln/detail/CVE-2023-46838
security-tracker.debian.org/tracker/CVE-2023-46838
ubuntu.com/security/notices/USN-6688-1
ubuntu.com/security/notices/USN-6701-1
ubuntu.com/security/notices/USN-6701-2
ubuntu.com/security/notices/USN-6701-3
ubuntu.com/security/notices/USN-6701-4
ubuntu.com/security/notices/USN-6724-1
ubuntu.com/security/notices/USN-6724-2
ubuntu.com/security/notices/USN-6725-1
ubuntu.com/security/notices/USN-6725-2
ubuntu.com/security/notices/USN-6726-1
ubuntu.com/security/notices/USN-6726-2
ubuntu.com/security/notices/USN-6726-3
www.cve.org/CVERecord?id=CVE-2023-46838
www.openwall.com/lists/oss-security/2024/01/22/2
xenbits.xen.org/xsa/advisory-448.html
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.4%